Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~296690 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-01-03 | CVE-2012-5665 | ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. | Owncloud | N/A | ||
| 2014-04-04 | CVE-2012-5648 | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. | Foreman | N/A | ||
| 2013-02-24 | CVE-2012-5647 | Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. | Openshift, Openshift_origin | N/A | ||
| 2013-02-24 | CVE-2012-5646 | node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. | Openshift, Openshift_origin | N/A | ||
| 2012-12-31 | CVE-2012-5642 | server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content. | Fail2ban | N/A | ||
| 2014-03-18 | CVE-2012-5641 | Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | Couchdb, Mochiweb | N/A | ||
| 2012-12-26 | CVE-2012-5625 | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | Folsom, Grizzly | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-11 | CVE-2025-7503 | An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware:... | N/A | N/A | |
| 2025-07-11 | CVE-2013-3307 | Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000. | N/A | N/A | |
| 2025-07-11 | CVE-2025-30403 | A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00. | N/A | N/A | |
| 2025-07-11 | CVE-2025-3631 | An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | N/A | 6.5 | |
| 2025-07-11 | CVE-2025-7453 | A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | N/A | 3.7 | |
| 2025-07-11 | CVE-2025-7454 | A vulnerability classified as critical has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected is an unknown function of the file /admin/manage_theater.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
| 2025-07-11 | CVE-2025-30402 | A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f | N/A | N/A |